Skip to content
/ qute-keepassxc Public

Qutebrowser userscript to fetch credentials from KeepassXC password database

License

MIT license
54 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ususdei/qute-keepassxc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
qute-keepassxc
qute-keepassxc
 
 

Repository files navigation

Introduction

This is a qutebrowser userscript to fill website credentials from a KeepassXC password database.

Installation

First, you need to enable KeepassXC-Browser extensions in your KeepassXC config.

Second, you must make sure to have a working private-public-key-pair in your GPG keyring.

Then, simply check out this repository and, if you do not want to configure an explicit path, symlink the qute-keepassxc to your ~/.local/share/qutebrowser/userscripts/qute-keepassxc. Install the python module pynacl. Make sure qute-keepassxc is executable.

Finally, adapt your qutebrowser config. You can e.g. add the following lines to your ~/.config/qutebrowser/config.py Remember to replace ABC1234 with your actual GPG key.

config.bind('<Alt-Shift-u>', 'spawn --userscript qute-keepassxc --key ABC1234', mode='insert')
config.bind('pw', 'spawn --userscript qute-keepassxc --key ABC1234', mode='normal')

If you did not symlink qute-keepassxc you need to provide the full path here.

N.B. To manage multiple accounts you need the rofi program.

Usage

If you are on a webpage with a login form, simply activate one of the configured key-bindings.

The first time you run this script, KeepassXC will ask you for authentication like with any other browser extension. Just provide a name of your choice and accept the request if nothing looks fishy.

How it works

This script will talk to KeepassXC using the native KeepassXC-Browser protocol.

This script needs to store the key used to associate with your KeepassXC instance somewhere. Unlike most browser extensions which only use plain local storage, this one attempts to do so in a safe way by storing the key in encrypted form using GPG. Therefore you need to have a public-key-pair readily set up.

GPG might then ask for your private-key password whenever you query the database for login credentials.

TOTP

This script recently received experimental TOTP support. To use it, you need to have working TOTP authentication within KeepassXC. Then call qute-keepassxc with the --totp flags.

For example, I have the following line in my config.py:

config.bind('pt', 'spawn --userscript qute-keepassxc --key ABC1234 --totp', mode='normal')

For now this script will simply insert the TOTP-token into the currently selected input field, since I have not yet found a reliable way to identify the correct field within all existing login forms. Thus you need to manually select the TOTP input field, press escape to leave input mode and then enter pt to fill in the token (or configure another key-binding for insert mode if you prefer that).

Compatiblity

Tested with:

  • KeepassXC 2.7.9
  • qutebrowser v3.3.1
  • python 3.12.7

License

Copyright (c) 2018-2024, Markus Blöchl. Released under the MIT License.

About

Qutebrowser userscript to fetch credentials from KeepassXC password database

Topics

python password qutebrowser keepass keepassxc

Resources

Readme

License

MIT license
Activity

Stars

54 stars

Watchers

9 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages